Helm chart support for provider images

Author: johngmyers

charts/external-dns/CHANGELOG.md

@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Added the option to explicitly enable or disable service account token automounting. ([#3983](https://github.com/kubernetes-sigs/external-dns/pull/3983)) [@gilles-gosuin](https://github.com/gilles-gosuin)
 - Added the option to configure revisionHistoryLimit on the K8s Deployment resource. ([#4008](https://github.com/kubernetes-sigs/external-dns/pull/4008)) [@arnisoph](https://github.com/arnisoph)
+- Added support for webhook sidecars.
 
 ## [v1.13.1] - 2023-09-07
 

charts/external-dns/README.md

@@ -70,3 +70,17 @@ The image to use
 {{- define "external-dns.image" -}}
 {{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
 {{- end }}
+
+{{/*
+Keep backward compatibility on provider
+*/}}
+{{- define "external-dns.providername" -}}
+{{- if eq (typeOf .Values.provider) "string" }}
+{{- .Values.provider }}
+{{- if contains "/" .Values.provider }}
+{{- fail "A provider image must be specified as provider.name" }}
+{{- end }}
+{{- else }}
+{{- .Values.provider.name }}
+{{- end }}
+{{- end }}

charts/external-dns/templates/_helpers.tpl

@@ -1,3 +1,4 @@
+{{- $providername := include "external-dns.providername" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -103,7 +104,11 @@ spec:
             {{- range .Values.domainFilters }}
             - --domain-filter={{ . }}
             {{- end }}
-            - --provider={{ tpl .Values.provider $ }}
+            {{- if contains "/" $providername }}
+            - --provider=webhook
+            {{- else }}
+            - --provider={{ tpl $providername $ }}
+            {{- end }}
           {{- range .Values.extraArgs }}
             - {{ tpl . $ }}
           {{- end }}
@@ -115,9 +120,9 @@ spec:
             {{- toYaml .Values.livenessProbe | nindent 12 }}
           readinessProbe:
             {{- toYaml .Values.readinessProbe | nindent 12 }}
-          {{- if or .Values.secretConfiguration.enabled .Values.extraVolumeMounts }}
+          {{- if or .Values.secretConfiguration.mountPath .Values.extraVolumeMounts }}
           volumeMounts:
-            {{- if .Values.secretConfiguration.enabled }}
+            {{- if .Values.secretConfiguration.mountPath }}
             - name: secrets
               mountPath: {{ tpl .Values.secretConfiguration.mountPath $ }}
             {{- with .Values.secretConfiguration.subPath }}
@@ -132,9 +137,51 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- if or .Values.secretConfiguration.enabled .Values.extraVolumes }}
+        {{- if contains "/" $providername }}
+        - name: provider
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: {{ tpl $providername $ }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.provider.env }}
+          env:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          args:
+          {{- range .Values.provider.args }}
+            - {{ tpl . $ }}
+          {{- end }}
+          ports:
+            - name: provider-metrics
+              protocol: TCP
+              containerPort: 8080
+          livenessProbe:
+            {{- toYaml .Values.provider.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.provider.readinessProbe | nindent 12 }}
+          {{- if or .Values.provider.secretConfiguration.mountPath .Values.provider.extraVolumeMounts }}
+          volumeMounts:
+            {{- if .Values.provider.secretConfiguration.mountPath }}
+            - name: secrets
+              mountPath: {{ tpl .Values.provider.secretConfiguration.mountPath $ }}
+            {{- with .Values.provider.secretConfiguration.subPath }}
+              subPath: {{ tpl . $ }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.provider.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- end }}
+          {{- with .Values.provider.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- end }}
+      {{- if or .Values.secretConfiguration.mountPath (and (contains "/" $providername) .Values.provider.secretConfiguration.mountPath) .Values.extraVolumes }}
       volumes:
-        {{- if .Values.secretConfiguration.enabled }}
+        {{- if or .Values.secretConfiguration.mountPath (and (contains "/" $providername) .Values.provider.secretConfiguration.mountPath) }}
         - name: secrets
           secret:
             secretName: {{ include "external-dns.fullname" . }}

charts/external-dns/templates/deployment.yaml

@@ -2,9 +2,6 @@
   "$schema": "http://json-schema.org/draft-07/schema",
   "type": "object",
   "properties": {
-    "provider": {
-      "type": "string"
-    },
     "extraArgs": {
       "type": "array",
       "items": {

charts/external-dns/values.schema.json

@@ -180,7 +180,43 @@ txtSuffix: ""
 
 domainFilters: []
 
-provider: aws
+provider:
+  # The name of the DNS provider. This can be either a built-in provider or a provider image to run as a sidecar container.
+  name: "aws"
+  # Arguments to pass to the provider container (these can be templated).
+  args: []
+  # [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the provider container; this supports the full [EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core) API including secrets and configmaps.
+  env: []
+  # Additional volume mounts for the provider container; this supports the full [VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) API.
+  extraVolumeMounts: []
+  # [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for the provider container; this supports the full [Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#probe-v1-core) API.
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: provider-metrics
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 2
+    successThreshold: 1
+  # [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for the webhook container; this supports the full [Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#probe-v1-core) API.
+  readinessProbe:
+    httpGet:
+      path: /healthz
+      port: provider-metrics
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+  # Resource requests and limits for the provider container; this supports the full [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core) API.
+  resources: {}
+
+  secretConfiguration:
+    # Mount path of secret configuration secret in the provider container (this can be templated).
+    mountPath: ""
+    # Sub-path of secret configuration secret in the provider container (this can be templated).
+    subPath: ""
 
 extraArgs: []